deaddrop / DeadDropDocs

Installation, configuration and security hardening guidance for DeadDrop

Consider using tlsdate #7

Open ioerror opened 11 years ago

ioerror commented 11 years ago

I wrote https://www.github.com/ioerror/tlsdate for systems where we wished to have relatively accurate (~1sec) clocks and as a simple trade-off, we receive authenticated time. I suggest that rather than using ntp, you use tlsdate and use it over Tor. This should reduce the direct attack surface as it is written in a privilege-separated manner. It will rarely touch the local network in an unprotected manner.

dolanjs commented 11 years ago

Thanks for the input. NTP and keeping secure time were issues we were concerned about. Do you also have a puppet module for tlsdate?

ioerror commented 11 years ago

dolanjs:

> Thanks for the input. NTP and keeping secure time were issues we were concerned about. Do you also have a puppet module for tlsdate?

I don't have a puppet module; I'd gladly integrate one into the tlsdate git repo. Just apt-get install tlsdate and it will run tlsdated, which in turn runs tlsdate to keep the time in sync.